Spread our blog

Create A Comment Box In Splunk Dashboard & Which Will Store The Information In A Lookup File.

Hi, every day today we are back with an interesting trick of Splunk, we will try to add a comment box in our dashboard for the end-users, to add comments on their user experience over that particular dashboard.
Let’s Start.

Use Case:
Here we have a sample dashboard called “Airline Dashboard” which has two panels only.

We will try to add a comment box on top of this dashboard with three fields “Name” (who is commenting), “Comment”, and “Ratings” (Ratings on our dashboard). Finally, the entry of these inputs will store in a lookup file, which we will analyze later or add those comments in this dashboard.

Step 1:
Now go to the dashboard and click on Edit > Add Input > Text

Then Create a Text input for “Name” with a token name “name” which is shown below.

In the same way, we have created a couple of more text inputs for “Comment” with a token name “cmt” and for “Ratings” with a token name “rts” and we have also added a “submit” button from the input.

If you don’t know how to Add the Text Input and Submit Options you can visit the below links.

How to Add Submit Input option to Splunk Dashboard
How to Add Text Input option to Splunk Dashboard

Step 2:

| makeresults
| eval Name=split("$name$",","),Comment=split("$cmt$",","),Ratings=split("$rts$",",")
| mvexpand Comment
| mvexpand Name
| mvexpand Ratings
| table _time Name Comment Ratings
| outputlookup append=true airline_dashboard_comment.csv

Here we have used “makeresults” as a generating command then using “eval” we have created three fields “Name”, “Comment” and “Ratings” same as our input after that we added those respective tokens into those fields. That means whenever an input will be added to these tokens, the following fields will update with the values. Using the “mvexpand” command we expanded those multi-valued fields into single-valued fields. After that using the table command, we structured all four fields (including _time, which is generated by default with the “makeresults” command). Finally using the “outputlookup” command we stored the complete result within a lookup file named “airline_dashboard_comment.csv” and we have used “append=true” which means whenever a new entry will come it will add with the old data and nothing will overwrite.

You can also know about :  Sorting Tricks With Splunk Single Value Visualization In Trellis View On The Basis Of Count

If you don’t know the usages of the makeresults, mvexpand, and outputlookup commands please visit the below links.

Usage of Splunk Commands: MAKERESULTS
Usage of Splunk Commands: MVEXPAND

Now copy this query and go to your dashboard and click on Edit> Add Panel > New > Statistical Table and paste your query > Add to dashboard.
Now Save the dashboard and refresh it.

Now click on and Edit and then click on Source Code and make the changes as shown below.
Go to the panel we have just added and within the panel, tag add “ depends=”$hide$” ”,
To hide that panel, this is unnecessary to show.

Now Save the dashboard and refresh it.
Now fill in the text input in the comment boxes and see data loading in the lookup.

Now run this command to see the content of the lookup,

| inputlookup  airline_dashboard_comment.csv

Wow! It’s really awesome right.

If you want to add that lookup result in your dashboard, you can add which will look great.

This is it, hope you all enjoying Splunk as always.
Happy Splunking!!

What’s your Reaction?

Spread our blog



Please enter your comment!
Please enter your name here